CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network
I was just playing around around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access many resources on the main network.
My setup is as normal Wireless setup and I have also created a Guest Network. Note under Advanced -> Guest Network I have DISABLED "Allow guest to see each other and access my local network". This would indicate to me that the Guest Network would be isolated fromt the main network.
However I noticed when I connect to the Guest Network I get an IP address in the same range as the main network which is already strange. The usual way to seprate a Guest network is to have a separate IP range. Orbi doesn't do that as it doesn't seem to have a separate DHCP server for Guest Network.
Now having the same IP segment I noticed that some trickery is done that prevents TCP connection to main network. For example if from the Guest Network I want to ping a system on the main network it times out. So Netgear does something to block standard layer 3 TCP connections.
However I have a number of devices that use Bonjour (mDNS) services on my main network, for example my printer and my file server use it. Now even when I am connected to the Guest Network I can still see these devices and CONNECT to them!
I am not sure what to think about this but this is a major security hole. People would assume that a Guest Network is separate from the main network but what I can see right now the Orbi Guest Network has only a partical sepration that is not really a Guest Network at all!
